Main Vulnerability Database Vulnerabilities #VU32629

Use-after-free in Xen - CVE-2013-4371

Published: October 18, 2013 / Updated: July 28, 2020

Vulnerability identifier: #VU32629

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4371

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing unspecified vectors. A local users can cause a denial of service (heap corruption and crash) and possibly execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.openwall.com/lists/oss-security/2013/10/10/12

Use-after-free in Xen - CVE-2013-4371

Description

Remediation

External links

Please verify you're human